<<< Date Index >>>     <<< Thread Index >>>

Re: 1.5.7 BUG: character set in traditional PGP



On 2005-02-11 12:27:54 +0100, Werner Koch wrote:

> Except for end of line conversions in text mode, gpg views the
> signed or encrypted data as opaque.  In theory we could look at
> the armor headers but we don't want to do that.  One reason is
> that the conversion of the data according to the armor header
> lines may change the text in an unwanted way (cf. recent IDN
> based phishing attack) and those armor headers are not part of
> the signed data, so everyone may change it without gpg noticing
> it.

Good point.  Very good point.

In fact, a very good point against doing anything but UTF-8 inside
traditional PGP encrypted text.

(Note that "best-effort handling" of signed data is opening another
can of worms, as it may, too, be abused to give different meanings
to data.)

And so we're stuck.

-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.